Lucene search
+L
MicrosoftWindows Server 2016*

1705 matches found

CVE
CVE
added 2023/02/28 6:2 p.m.366 views

CVE-2023-1017

CVE-2023-1017 describes an out-of-bounds write in TPM2.0/Module Library CryptParameterDecryption. A local attacker could crash the TPM or gain arbitrary code execution in the TPM context. Affected scope includes TPM2.0 implementations via libtpms in VM TPM support and TPM modules. Public details ...

7.8CVSS7.7AI score0.01286EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.366 views

CVE-2024-26229

CVE-2024-26229 is a Windows local privilege-escalation vulnerability in the CSC service (csc.sys) that can enable kernel R/W access via a vulnerable IOCTL, permitting DKOM-based token replacement to achieve SYSTEM-level LPE. Exploitation details in connected docs describe using kernel memory acce...

7.8CVSS8.1AI score0.09375EPSS
CVE
CVE
added 2026/02/10 5:51 p.m.365 views

CVE-2026-21510

CVE-2026-21510 is a Windows Shell security feature bypass vulnerability (Protection Mechanism Failure) that can allow remote code execution by bypassing SmartScreen prompts and shell warnings. Affected component: Windows Shell (explorer.exe) and related UI elements. Exploitation requires social e...

8.8CVSS5.5AI score0.25835EPSS
In wild
CVE
CVE
added 2024/03/12 4:57 p.m.363 views

CVE-2024-26161

CVE-2024-26161 affects the Microsoft WDAC OLE DB provider for SQL Server and is described as a Remote Code Execution vulnerability. The CVE entry lists a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and NONE privileges required, but user interaction is REQ...

8.8CVSS9.2AI score0.01947EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.362 views

CVE-2025-21189

CVE-2025-21189 is listed as MapUrlToZone Security Feature Bypass. Connected sources categorize its impact as circumvention of a security measure. Public technical detail in the provided documents is limited; no explicit root-cause, vulnerable product/version, or exploitation information is given....

4.3CVSS4.6AI score0.02913EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.357 views

CVE-2022-38028

CVE-2022-38028 is a Windows Print Spooler privilege-escalation vulnerability. It arises from improper privilege assignment in the Print Spooler service, enabling a local attacker with low privileges and no user interaction to escalate to SYSTEM. Public exploits have been observed; CISA/KEV and MS...

7.8CVSS8.3AI score0.14949EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.355 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2025/01/14 6:3 p.m.347 views

CVE-2025-21293

CVE-2025-21293 — Active Directory Domain Services Elevation of Privilege. The vulnerability affects Active Directory Domain Services and enables an attacker to obtain elevated privileges via network access, with a CVSS v3.1 base score of 8.8 (High) and impact on confidentiality, integrity, and av...

8.8CVSS8.8AI score0.18481EPSS
CVE
CVE
added 2025/02/11 5:58 p.m.347 views

CVE-2025-21418

CVE-2025-21418 is a heap-based buffer overflow in the Windows Ancillary Function Driver for WinSock that enables local privilege escalation to SYSTEM. Affected: Windows components exposed to local attack surface; exploitability is local with low attack complexity and no user interaction. Public r...

7.8CVSS8.2AI score0.01537EPSS
In wild
CVE
CVE
added 2024/03/12 4:57 p.m.342 views

CVE-2024-21407

CVE-2024-21407 is a Windows Hyper-V Remote Code Execution vulnerability tied to the Hyper-V component. Exploitation requires an authenticated attacker on a guest to send specially crafted file operation requests to hardware resources on the VM, which could lead to remote code execution on the hos...

8.1CVSS8.5AI score0.16384EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.342 views

CVE-2025-24054

CVE-2025-24054 is a Windows NTLM vulnerability allowing an attacker to induce NTLMv2-SSP hash disclosure by leveraging explorer.exe to fetch remote SMB resources via crafted file types (notably .library-ms and .lnk/.library-ms payloads). Public PoCs and exploits demonstrate creating malicious .li...

6.5CVSS6.5AI score0.58974EPSS
In wildWeb
CVE
CVE
added 2024/08/13 5:29 p.m.341 views

CVE-2024-38193

CVE-2024-38193 concerns the Windows Ancillary Function Driver for WinSock (AFD) used by Winsock. The vulnerability is a local privilege-escalation issue in the AFD/WinSock stack, with a resource-management error cited by CNNVD and a privilege-escalation capability described by CISA KEV. Public ex...

7.8CVSS7.7AI score0.27561EPSS
In wild
CVE
CVE
added 2026/06/09 5:4 p.m.327 views

CVE-2026-47291

The CVE-2026-47291 entry describes an integer overflow/ wraparound in Windows HTTP.sys that enables a remote attacker to execute code over the network. Affected software component: Windows HTTP.sys. Root cause: integer overflow/wraparound in the HTTP.sys processing path. Impact: unauthenticated n...

9.8CVSS5.7AI score0.21506EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.326 views

CVE-2024-30040

CVE-2024-30040 is a Windows MSHTML Platform Security Feature Bypass vulnerability. The affected component is MSHTML (Windows), with a root cause described as a security feature bypass in the MSHTML engine. Impact per CVSS: CVSS 3.1 base score 8.8 (High) affecting confidentiality, integrity, and a...

8.8CVSS6.3AI score0.03939EPSS
In wild
CVE
CVE
added 2025/06/10 5:2 p.m.324 views

CVE-2025-33065

CVE-2025-33065 is an information-disclosure vulnerability: an out-of-bounds read in Windows Storage Management Provider could allow an authorized attacker (local access, low privileges) to disclose information. CVSS v3.1 base metrics indicate Local access, Low attack complexity, Privileges requir...

5.5CVSS5.2AI score0.00529EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.317 views

CVE-2024-21408

Microsoft’s CVE-2024-21408 is a Windows Hyper-V Denial of Service vulnerability that can be triggered by a guest to cause a host crash. The available connected sources confirm Hyper-V as the affected product, the host compromise from a guest as the attack scenario, and a DoS impact. The CVSS vect...

5.5CVSS6.8AI score0.04507EPSS
CVE
CVE
added 2024/08/13 5:29 p.m.315 views

CVE-2024-38213

CVE-2024-38213 is a Windows Mark of the Web (MoTW) security feature bypass vulnerability. Affected software involves Windows MoTW handling; the flaw allows downloaded web-origin files to bypass warnings/ protections, enabling potentially malicious content to execute. Exploitation information in c...

6.5CVSS6.5AI score0.1337EPSS
In wild
CVE
CVE
added 2026/02/10 5:51 p.m.306 views

CVE-2026-21533

CVE-2026-21533 affects Windows Remote Desktop Services (RDS) and is caused by improper privilege management (CWE-269), allowing a local authenticated attacker with low privileges to elevate to SYSTEM. Multiple connected sources corroborate that the issue is a local EoP in RDS with CVSSv3 7.8 (HIG...

7.8CVSS5.5AI score0.03846EPSS
In wild
CVE
CVE
added 2024/08/13 5:29 p.m.305 views

CVE-2024-38178

CVE-2024-38178 is a Microsoft Windows Scripting Engine memory corruption vulnerability that exists in Edge when running Internet Explorer mode. It enables remote code execution and is being actively exploited in the wild, with public pressure reflected in multiple advisories and exploit catalogs....

7.5CVSS7.4AI score0.39196EPSS
In wild
CVE
CVE
added 2025/03/11 4:59 p.m.298 views

CVE-2025-24993

CVE-2025-24993 is a Windows NTFS heap-based buffer overflow that allows a locally authenticated attacker to execute arbitrary code. Affected component is NTFS on Windows; root cause is a heap-based overflow in NTFS handling. CVSS v3.1 indicates local attack vector, no privileges required, user in...

7.8CVSS8AI score0.02092EPSS
In wild
CVE
CVE
added 2025/03/11 4:59 p.m.297 views

CVE-2025-24985

CVE-2025-24985 affects the Windows Fast FAT File System Driver and is caused by an integer overflow/wraparound, enabling local code execution. The vulnerability has seen exploitation in the wild (per Krebs/Microsoft Patch Tuesday coverage), and mitigation is to install the MSRC-released updates l...

7.8CVSS7.8AI score0.03705EPSS
In wild
CVE
CVE
added 2023/02/28 5:54 p.m.296 views

CVE-2023-1018

CVE-2023-1018 is an out-of-bounds read in TPM 2.0’s Module Library (CryptParameterDecryption) that could allow a local attacker to read sensitive data stored in the TPM. Connected advisories confirm a local, authenticated access scenario and note TPM exposure on affected IBM Power firmware (Power...

5.5CVSS6.5AI score0.05552EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.296 views

CVE-2026-33824

CVE-2026-33824 is a Windows IKE Extension (ikeext) remote code execution vulnerability caused by a double-free in IKEEXT. ZDI notes it is wormable and affects systems with IKE enabled; exploitation can occur over UDP/500-4500 and may enable lateral movement from inside networks. Microsoft has iss...

9.8CVSS5.9AI score0.5585EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.294 views

CVE-2024-21438

Technical details for CVE-2024-21438 are not provided in the supplied documents. Monitor for updates from the connected sources to obtain affected product, root cause, impact, and remediation information.

7.5CVSS7.6AI score0.02718EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.292 views

CVE-2024-26207

CVE-2024-26207 is a Windows Remote Access Connection Manager information disclosure vulnerability. Affected component: Windows Remote Access Connection Manager (local attacker? per CVSS v3.1 shows LOCAL with low complexity and low privileges). Documented impact in the connected NCSC advisory (NCS...

5.5CVSS6.6AI score0.00755EPSS
CVE
CVE
added 2024/10/08 5:35 p.m.290 views

CVE-2024-37976

CVE-2024-37976 is described as a Windows EFI Partition vulnerability: a security feature bypass (Circumvention of security measure) with CVSS 3.1 base score 6.7 (LOCAL, LOW attack complexity, HIGH privileges required, no user interaction). The connected data specifies affected component as Window...

6.7CVSS7.3AI score0.00578EPSS
CVE
CVE
added 2024/08/13 5:29 p.m.288 views

CVE-2024-38106

CVE-2024-38106 is a Windows kernel local privilege escalation vulnerability. The Windows kernel race condition allows a local attacker with low privileges to gain SYSTEM-level access and execute code with high impact. Microsoft lists this CVE as being actively exploited in the wild. The advisory ...

7CVSS6.9AI score0.06337EPSS
In wild
CVE
CVE
added 2024/09/10 4:53 p.m.282 views

CVE-2024-38217

CVE-2024-38217 is a security feature bypass in Microsoft Windows Mark of the Web (MOTW). The vulnerability allows bypassing MOTW protections when opening booby-trapped Office files, as discussed in multiple sources. Exploitation details are not fully disclosed in the provided documents, but the C...

5.4CVSS7.3AI score0.09756EPSS
In wild
CVE
CVE
added 2024/03/12 4:58 p.m.278 views

CVE-2024-21437

CVE-2024-21437 is a Windows Graphics Component elevation-of-privilege vulnerability (local access, low attack complexity) affecting Windows OS. Public references corroborate it as a Windows Graphics Component issue discussed among Patch Tuesday updates, highlighting it among elevated-risk vulnera...

7.8CVSS8.1AI score0.08031EPSS
CVE
CVE
added 2024/09/10 4:54 p.m.278 views

CVE-2024-30073

CVE-2024-30073 is a Windows Security Zone Mapping security feature bypass vulnerability. The public records show a CVSS v3.1 base score of 7.8 (High) with Local attack vector, low attack complexity, no privileges required, but user interaction required, and impact to confidentiality, integrity, a...

7.8CVSS8.6AI score0.00899EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.277 views

CVE-2023-36424

CVE-2023-36424 is documented as a Windows kernel-level out-of-bounds read vulnerability in the Common Log File System Driver (clfs.sys) that enables privilege escalation. Connected sources describe a pool overflow/record-validation flaw in clfs.sys (Windows Kernel pool management) exploited via c...

7.8CVSS8.6AI score0.12184EPSS
In wild
CVE
CVE
added 2025/02/11 5:58 p.m.277 views

CVE-2025-21181

Technical details (affected products/versions, root cause, exploitability, fixes) for CVE-2025-21181 are not provided in the supplied documents. Please monitor official advisories for concrete technical information.

7.5CVSS7.8AI score0.03357EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.274 views

CVE-2024-21427

CVE-2024-21427 is a Windows Kerberos Security Feature Bypass vulnerability. The CVSSv3.1 base score is 7.5 (High): Vector AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network exploitation with high impact to confidentiality, integrity, and availability. The attack vector is network, requiring ...

7.5CVSS7.7AI score0.01534EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.271 views

CVE-2025-24984

CVE-2025-24984 is an NTFS information-disclosure vulnerability in Windows NTFS caused by insertion of sensitive data into a log file, potentially leaking heap memory when a physical medium is mounted or accessed. CVSS v3.1 vector: AV=Physical/AC=L/PR=None/UI=None/S=Unchanged/C=High/I=None/A=None;...

4.6CVSS6.1AI score0.01831EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.270 views

CVE-2017-0214

CVE-2017-0213 is a Windows Privilege Escalation flaw in the COM Aggregate Marshaler. Reports confirm it enables local elevation of privilege when a specially crafted app is run, affecting Windows client and server SKUs listed in the CVE description. Several connected sources document exploitation...

7CVSS5.9AI score0.03457EPSS
In wild
CVE
CVE
added 2024/02/13 6:2 p.m.268 views

CVE-2024-21372

Technical details for CVE-2024-21372 are not publicly available in the provided documents. The connected items only reference the CVE among broader Windows vulnerability listings; no affected product/version, root cause, impact, or fixes are stated.

8.8CVSS9AI score0.01806EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.268 views

CVE-2024-26166

Technical details about CVE-2024-26166 (affected software, root cause, impact, or fixes) are not provided in the connected documents. Please monitor for official advisories from Microsoft and CVE records for updates.

8.8CVSS8.8AI score0.02043EPSS
CVE
CVE
added 2024/08/13 5:30 p.m.268 views

CVE-2024-38107

CVE-2024-38107 is a Windows Privilege Escalation vulnerability in the Power Dependency Coordinator. Affected component: Windows Power Dependency Coordinator. Impact: local attacker with low privileges can obtain SYSTEM privileges (vector: local, no user interaction). Root cause details are not pr...

7.8CVSS7.7AI score0.01635EPSS
In wild
CVE
CVE
added 2024/08/13 5:30 p.m.268 views

CVE-2024-38118

Technical details (affected component, root cause, exploit info, patch status) for CVE-2024-38118 are not provided in the connected documents. The initial description notes LSA server information disclosure but lacks concrete specifics; monitor for updates.

5.5CVSS5.2AI score0.00629EPSS
CVE
CVE
added 2024/03/12 4:58 p.m.267 views

CVE-2024-21433

Technical details for CVE-2024-21433 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified here. Monitor for updates.

7CVSS8AI score0.05138EPSS
CVE
CVE
added 2025/03/11 4:59 p.m.266 views

CVE-2025-24991

CVE-2025-24991 is an NTFS out-of-bounds read vulnerability in Windows that can disclose local information after mounting a malicious VHD. Exploitation requires local access and user interaction (per CVSS) or mounting a crafted disk image (per patch-cycle reporting). Microsoft has issued updates; ...

5.5CVSS6.5AI score0.01852EPSS
In wild
CVE
CVE
added 2024/03/12 4:58 p.m.265 views

CVE-2024-26162

CVE-2024-26162 corresponds to a remote code execution vulnerability in the Microsoft ODBC Driver. The CVSS 3.1 base metrics indicate: Network attack vector, low attack complexity, no privileges required, user interaction is required, and there is a High impact to confidentiality, integrity, and a...

8.8CVSS8.9AI score0.02024EPSS
CVE
CVE
added 2024/12/10 5:49 p.m.264 views

CVE-2024-49113

CVE-2024-49113 is a Windows LDAP Denial-of-Service vulnerability affecting the LDAP client. Public PoCs exist (e.g., LDAPNightmare) and show proof-of-concept testing integrated with Metasploit and other repositories; multiple exploit/checker projects also reference testing for this CVE. The descr...

7.5CVSS7.5AI score0.82992EPSS
CVE
CVE
added 2025/05/13 4:59 p.m.263 views

CVE-2025-30397

CVE-2025-30397 is a memory-corruption/Use-After-Free style vulnerability in the Microsoft Scripting Engine (jscript.dll) that enables remote code execution via specially crafted web content. The CVE’s affected component is the JScript/Windows Scripting Engine, with an attack vector over the netwo...

7.5CVSS7.5AI score0.21228EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.262 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2024/02/13 6:2 p.m.262 views

CVE-2024-21370

Public technical details for CVE-2024-21370 are not provided in the connected documents; the OpenVAS entries enumerate the CVE across multiple Microsoft KBs without product/version specifics. Monitor for updates.

8.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2024/04/09 5:0 p.m.262 views

CVE-2024-26234

CVE-2024-26234 is a locally exploitable proxy driver spoofing vulnerability in Windows. The issue is tied to the Windows Proxy Driver, with exploitation requiring high privileges and no user interaction, leading to potential confidentiality, integrity, and availability impacts as indicated by the...

6.7CVSS7.4AI score0.04853EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.261 views

CVE-2024-21350

CVE-2024-21350 corresponds to a Remote Code Execution vulnerability in the Microsoft WDAC OLE DB provider for SQL Server. The entry lists a CVSS v3.1 base score of 8.8 (HIGH), with attack vector NETWORK, privileges required NONE, user interaction REQUIRED, and both confidentiality, integrity, and...

8.8CVSS9.2AI score0.01484EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.260 views

CVE-2024-21358

Technical details about CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server remote code execution) are not provided in the supplied documents. Monitor for official updates from Microsoft and trusted security advisories for affected products, mitigations, and fixes.

8.8CVSS9.2AI score0.01768EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.259 views

CVE-2021-43226

CVE-2021-43226 pertains to the Windows Common Log File System (CLFS) Driver. The available documents identify a local privilege-escalation vulnerability in CLFS that could allow a privileged attacker on a Windows host to gain higher privileges. The CVE is listed in the KEV catalog as a Microsoft ...

7.8CVSS8.6AI score0.03072EPSS
In wild
Total number of security vulnerabilities1705